A server and a client can be protected such as with a secure socket layer (SSL) connection between the server and client. SSL is a protocol that provides security for communications over networks such as the Internet. A server may obtain a certificate for allowing an encryption key to be generated for establishing the SSL connection with a client. A certificate can contain the name of the server or other entity that is being identified, the server's public key, the name of the issuing CA, and other information proving that the certificate is authenticated. When a certificate is issued, the certificate and certificate information are typically stored in one or more databases. Other information may include a public key, a private key for decrypting encrypted content, and/or whether or not a certificate is trusted for a particular purpose (trust information). For example, a user may wish to view an encrypted email message received by the user and a client email application can search for the private key to decrypt the email.
The key may be associated with a particular cryptographic standard, such as the public key cryptography standard (PKCS), for example, the PKCS #11 industry standard. An application, such as a web browser or an email application, can construct a request for the key through a security module, such as a network security services (NSS) module, which can initialize a PKCS-based module (e.g., PKCS #11-based module) to open the database storing the security data (e.g., the key to decrypt the email). NSS can use a PKCS-based module to open a database by calling an initialization function to initialize the PKCS-based module. The PKCS industry standard allows a module to be initialized once, and while the module is initialized, other calls to use the module will produce an error. The module cannot be initialized again until the module is shut down. Therefore, a PKCS-based module cannot open additional databases until the PKCS-based module is shut down.
In addition, there is not an efficient means to share security data between applications. Typically, each application has its own database and may obtain security data and store the security data in its own database. For example, a user may use an email application and a web browsing application. The web browsing application may first request a certificate, and obtain and store the certificate in its own database. The certificate, therefore, may not be available to other applications, such as the email application.